Releases: cloudposse/terraform-aws-cloudfront-s3-cdn
v1.0.1
🚀 Enhancements
fix: Resolve unsupported attribute error in S3 website block @jwadolowski (#358)
## whatRestore lookup() calls in main.tf to address the website_enabled = true use case that was broken when #340 replaced them with explicit variable calls to avoid silent default value assignments. Additionally includes corresponding module instances in the test suite.
why
website_enabled = true implies a reference to 2 mutually exclusive configurations defined as the local.website_config variable. In the default case, index_document, error_document, and routing_rules elements exist, but redirect_all_requests_to does not, which leads to the following error:
╷
│ Error: Unsupported attribute
│
│ on ../../main.tf line 325, in resource "aws_s3_bucket" "origin":
│ 325: redirect_all_requests_to = website.value.redirect_all_requests_to
│ ├────────────────
│ │ website.value is object with 3 attributes
│
│ This object does not have an attribute named "redirect_all_requests_to".
╵
Similarly, website_enabled = true combined with redirect_all_requests_to = "https://example.com" would result in missing references to the index_document, error_document, and routing_rules fields.
All in all, in this particular case, the lookup() usage is definitely justified and does not mean a silent/hidden injection of a variable default.
references
- resolves #354
Contributors
Assets 2
v0.98.2
🤖 Automatic Updates
chore(deps): update terraform cloudposse/s3-log-storage/aws to v1.4.5 (release/v0) @[renovate[bot]](https://github.com/apps/renovate) (#351)
This PR contains the following updates:| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/s3-log-storage/aws (source) | module | patch | 1.4.2 -> 1.4.5 |
Release Notes
cloudposse/terraform-aws-s3-log-storage (cloudposse/s3-log-storage/aws)
v1.4.5
🚀 Enhancements
fix: remove join calls on bucket arn + id usage @carterdanko-dw (#125)
what
- Initially put the wrong values for coditions, just needs to be a list
- Bucket should be single resource vs joining on a list.
references
issue #122
🐛 Bug Fixes
fix: remove join calls on bucket arn + id usage @carterdanko-dw (#125)
what
- Initially put the wrong values for coditions, just needs to be a list
- Bucket should be single resource vs joining on a list.
references
issue #122
v1.4.4
🚀 Enhancements
Issue-122/Values expect list of strings vs string @carterdanko-dw (#123)
what
Updating the sqs iam permissions, as the values expects to be a list of strings vs just the single string arn that is the output of the module.
why
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam\_policy\_document#condition-1 expects to be a list of strings, vs just the single string arn of the s3 bucket.
references
Github issue #122
🐛 Bug Fixes
Issue-122/Values expect list of strings vs string @carterdanko-dw (#123)
what
Updating the sqs iam permissions, as the values expects to be a list of strings vs just the single string arn that is the output of the module.
why
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam\_policy\_document#condition-1 expects to be a list of strings, vs just the single string arn of the s3 bucket.
references
Github issue #122
🤖 Automatic Updates
Migrate new test account @osterman (#119)
what
- Update
.github/settings.yml - Update
.github/chatops.ymlfiles
why
- Re-apply
.github/settings.ymlfrom org level to getterratestenvironment - Migrate to new
testaccount
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#118)
what
- Update
.github/settings.yml - Drop
.github/auto-release.ymlfiles
why
- Re-apply
.github/settings.ymlfrom org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#112)
what
- Update
.github/settings.yml - Drop
.github/auto-release.ymlfiles
why
- Re-apply
.github/settings.ymlfrom org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#111)
what
- Update
.github/settings.yml - Drop
.github/auto-release.ymlfiles
why
- Re-apply
.github/settings.ymlfrom org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#110)
what
- Update workflow (
.github/workflows/release.yaml) to have permission to comment on PR
why
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#109)
what
- Update workflows (
.github/workflows) to use shared workflows from.githubrepo
why
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#108)
what
- Update workflows (
.github/workflows) to addissue: writepermission needed by ReviewDogtflintaction
why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#107)
what
- Update workflows (
.github/workflows/settings.yaml)
why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#106)
what
- Install latest GitHub Action Workflows
why
- Use shared workflows from
cldouposse/.githubrepository - Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#104)
what
- Install a repository config (
.github/settings.yaml)
why
- Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#99)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Update Scaffolding @osterman (#100)
what
- Reran
make readmeto rebuildREADME.mdfromREADME.yaml - Migrate to square badges
- Add scaffolding for repo settings and Mergify
why
- Upstream template changed in the
.githubrepo - Work better with repository rulesets
- Modernize look & feel
v1.4.3
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v3.1.3 (main) @renovate (#95)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/s3-bucket/aws (source) | module | patch | 3.1.2 -> 3.1.3 |
Release Notes
cloudposse/terraform-aws-s3-bucket (cloudposse/s3-bucket/aws)
v3.1.3
Unfortunately, this change makes count unknown at plan time in certain situations. In general, you cannot use the output of compact() in count.
The solution is to stop using the deprecated policy input and revert to 3.1.2 or upgrade to 4.0.
🚀 Enhancements
Fix `source_policy_documents` combined with `var.policy` being ignored @​johncblandii (#​201)
what
- Changed
var.source_policy_documentstolocal.source_policy_documentssovar.policyusage was still supported
why
- The ternary check uses
var,source_policy_documentssovar.policybeing combined withvar.source_policy_documentsintolocal.source_policy_documentsdoes not providetruefor the ternary to execute
references
Update README.md and docs @cloudpossebot (#94)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the [repository job log](https://develo...
v1.0.0
feat: Backport cloudposse/cloudfront-cdn/aws improvements @jwadolowski (#340)
## whatBackport of the following cloudposse/terraform-aws-cloudfront-cdn improvements:
- cloudposse/terraform-aws-cloudfront-cdn#140
- cloudposse/terraform-aws-cloudfront-cdn#142
- cloudposse/terraform-aws-cloudfront-cdn#147
- cloudposse/terraform-aws-cloudfront-cdn#149
Detailed breakdown:
aws_s3_bucket_cors_configurationis deployed only when at least one CORS origin is defined (examples/complete/minimal.tffails if this isn't handled)- don't use
lookup()(or any other default variable value fallback method) - all defaults should be defined in thevariables.tffile - wrap optional variables with
optional()and provide sane defaults (in most cases that'd be empty string/list/nullor predefined AWS default when applicable, e.g. timeout values) - default origin
- add
origin_keepalive_timeoutandorigin_read_timeout
- add
- custom origin improvements
- enable shield configuration
- custom s3 origins
- allow for shield configuration
- fix
origin_access_control_idassignment (origin.value.s3_origin_config.origin_access_control_iddoesn't exist, butorigin.value.origin_access_control_iddoes)
- ordered cache improvements
- gRPC support
cookieblock should setwhitelisted_namesparam only whenforward=whitelist(in all other cases,allandnone, thewhitelisted_namesis automatically set tonull)
why
Both CloudPosse CDN modules should stay in sync (feature-wise) and leverage the same set of improvements.
references
includes #347 to re-generate docs after changes.#347should get merged first
Contributors
Assets 2
v0.98.1
fix(lambda@edge): Add support for doc auto-generation with atmos @jwadolowski (#347)
## whatREADME.md generation support with atmos CLI.
why
#342 replaced Makefile with atmos.yaml for the main module, but Lambda@Edge submodule got overlooked.
references
🤖 Automatic Updates
Contributors
Assets 2
v0.98.0
fix: terratest w/ go updates @oycyc (#337)
Not familiar with how Go works, but following the suggestions to update packages looks to fix the tests in this repository!The commands I executed per @Nuru 's suggestion on Slack:
cd test/src
go get -u ./... [github.com/gruntwork-io/terratest](http://github.com/gruntwork-io/terratest) [github.com/stretchr/testify](http://github.com/stretchr/testify) [email protected]
go mod tidy
Slack thread here on CloudPosse: https://sweetops.slack.com/archives/G014YEKDH4K/p1748635698940509?thread_ts=1746672149.263629&cid=G014YEKDH4K
🚀 Enhancements
replace TLSv1.2_2019 with TLSv1.2_2021 as default policy @jamerply (#294)
## whatThis PR updates the mimimum_protocol_version variable so that it defaults to TLSv1.2_2021 (the current recommended security policy recommended by AWS) instead of TLSv1.2_2019.
why
The most current security policy is no longer TLSv1.2_2019 but is TLSv1.2_2021.
references
See the "Security Policy" heading under the "Distribution Setting" section of the AWS CloudFront Documentation for further information.
Contributors
Assets 2
v0.97.0
🚀 Enhancements
feat: Add support for custom Lambda@Edge policies @jwadolowski (#333)
## whatExecution role associated with Lambda@Edge comes with a hardcoded policy that enables write access to CloudWatch logs. This PR adds support for additional policies. It was implemented in a similar fashion to additional_bucket_policy from the parent module.
why
It's a fairly common situation that a Lambda@Edge function needs access to other AWS services/resources than CloudWatch logs. aws_lambda_function's role argument expects a single role ARN, therefore the only reasonable option is to append new policy statements to the IAM role created in scope of this module.
references
closes #261
Contributors
Assets 2
v0.96.2
🚀 Enhancements
Set allowed and cache methods as non nullable @travis-reed (#324)
what
Set allowed_methods and cached_methods as non nullable
Setting nullable to false ensures that the variable value will never be null within the module. If nullable is false and the variable has a default value, then Terraform uses the default when a module input argument is null.
why
I want to be able to sometimes call this module with explicit allowed_methods and cached_methods and sometimes just use the module defaults.
As it stands, I cannot do that without making my default value match your default value. It would be better for the module to use its defaults when I pass in null
Right now I am hitting
Error: Missing required argument
with module.fanx.module.sdp_assets.module.static_cdn.aws_cloudfront_distribution.default[0],
on /tmp/terraform-data-dir/modules/fanx.sdp_assets.static_cdn/main.tf line 522, in resource "aws_cloudfront_distribution" "default":
522: allowed_methods = var.allowed_methods
The argument "default_cache_behavior.0.allowed_methods" is required, but no
definition was found.
Which I can work around by setting a default on my side, but it isn't ideal behavior
references
- https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values
- https://stackoverflow.com/questions/72213875/transformer-how-to-call-a-module-with-variables-as-default-value
Additional Notes
I wouldn't consider this a breaking change. Today, the behavior if you pass in null as the argument to the module you will get a failure as shown above. This makes passing in null possible without negatively impacting existing users.
Contributors
Assets 2
v0.96.1
🚀 Enhancements
memory and timeout vars for lambda@edge @mihaiplesa (#330)
## whatAllow to configure memory size and timeout for Lambda@Edge module.
why
These fields are not configurable now.
references
Resolves #331
Contributors
Assets 2
v0.96.0
Adding origin_access_control_id to custom_origins @jjchiw (#326)
Adding Origin Access Control Id to Custom Originswhat
Custom Origins didn't have Origin Access Control
Implements this infrastructure
why
Custom Origins didn't have Origin Access Control if we wanted to invoke a lambda we were not able to do it
references
Summary by CodeRabbit
-
New Features
- Enhanced configuration options for custom origins in CloudFront with the addition of
origin_access_control_id. - Updated variable definitions for
custom_originsands3_originsto include access control ID.
- Enhanced configuration options for custom origins in CloudFront with the addition of
-
Bug Fixes
- Deprecated certain variables to streamline configuration and encourage best practices.
-
Documentation
- Updated documentation to reflect changes in variable structures and configurations.
Contributors
Assets 2
v0.95.1
Add support for origin-access-control @rankin-tr (#319)
## what- add Origin Access Control feature
- add
var.origin_access_typeto enable Origin Access Identity or Origina Access Control policy - add
aws_cloudfront_origin_access_control.defaultresource - add
origin_access_control_idargument to origin config onaws_cloudfront_distribution.default
- add
- update example code
- update README
why
- provide the ability to make use of an Origin Access Control
- retain default origin access identity behavior
- AWS recommends using origin access control
- Origin Access Identities are flagged in AWS Security Hub
references
🤖 Automatic Updates
Migrate new test account @osterman (#322)
## what - Update `.github/settings.yml` - Update `.github/chatops.yml` fileswhy
- Re-apply
.github/settings.ymlfrom org level to getterratestenvironment - Migrate to new
testaccount
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#321)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.ymlfrom org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
